bugzilla-daemon at bugzilla.netfilter.org
2012-May-25 09:46 UTC
[Bug 790] New: Normalize iptables rules
http://bugzilla.netfilter.org/show_bug.cgi?id=790
Summary: Normalize iptables rules
Product: iptables
Version: unspecified
Platform: All
OS/Version: RedHat Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: iptables-restore
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: tothandor at gmail.com
Estimated Hours: 0.0
Hello,
I wonder if you could add, e.g., a --test-save switch to iptables-restore
besides --test, to output a normalized form of iptables rules (like
iptables-save does).
It would really help to compare different sets of generated/human-written rules,
which is otherwise quite difficult, because rule-specification parameters could
vary.
There was discussion about this issue on GMane, but the suggested use of
iptables-xml does not help.
# diff -U0 ipt1.iptables ipt2.iptables
--- ipt1.iptables 2012-05-25 10:58:22.109505789 +0200
+++ ipt2.iptables 2012-05-25 11:03:16.965505418 +0200
@@ -9 +9 @@
--A INPUT -p tcp -m state --state NEW -m tcp -j ACCEPT --dport 23
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
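Review bot: the two lines describe the same rule (-p tcp, state NEW, tcp --dport 23, ACCEPT); the only difference is whether --dport 23 precedes or follows -j ACCEPT, which iptables accepts either way because ACCEPT takes no options, so this hunk is a pure ordering artefact and not a change in what the firewall does.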
# diff -U0 <(iptables-xml ipt1.iptables | xsltproc iptables.xslt -) \
            <(iptables-xml ipt2.iptables | xsltproc iptables.xslt -)
--- /dev/fd/63 2012-05-25 11:40:14.656504904 +0200
+++ /dev/fd/62 2012-05-25 11:40:14.656504904 +0200
@@ -9 +9 @@
--A INPUT -p tcp -m state --state NEW -m tcp -j ACCEPT --dport 23
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
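Review bot: the iptables-xml plus xsltproc round-trip reproduces the original token order of both files verbatim; the hunk is identical to the plain diff above, so this path does not canonicalize argument order and cannot serve as the normalizer the report asks for.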
Tested on iptables version 1.4.7.
Bests,
Andor
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
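The normalized comparison the report asks for can be approximated outside iptables. The following script is an added example written for this page, not code from the netfilter project: it tokenizes each rule line of an iptables-save dump, maps long option names to their short aliases, folds both negation syntaxes into one, sorts the option groups into a fixed order (chain command first, target last, everything else by option name), zeroes the chain counters and drops the timestamp comments, then diffs the result. The two sample rulesets are constructed from the rule pair shown in the report; the counter values and the second rule are made up for illustration.

```python
#!/usr/bin/env python3
"""Canonicalise iptables-save output so semantically identical rules diff
cleanly.  Added example for the report above; not iptables code.

The output is a comparison key for diffing, NOT input for iptables-restore:
option order matters to iptables (match options must follow their -m), so
never feed the canonical form back into the kernel.
"""
import difflib
import re
import shlex
from typing import List, Tuple

# Long -> short spellings of the core options from iptables(8).
ALIASES = {
    "--append": "-A", "--insert": "-I", "--delete": "-D", "--replace": "-R",
    "--protocol": "-p", "--source": "-s", "--src": "-s",
    "--destination": "-d", "--dst": "-d",
    "--in-interface": "-i", "--out-interface": "-o",
    "--jump": "-j", "--goto": "-g", "--match": "-m", "--fragment": "-f",
    "--source-port": "--sport", "--destination-port": "--dport",
    "--source-ports": "--sports", "--destination-ports": "--dports",
}
CHAIN_CMDS = {"-A", "-I", "-D", "-R"}
TARGET_CMDS = {"-j", "-g"}
COUNTERS = re.compile(r"\[\d+:\d+\]")

Group = Tuple[bool, str, Tuple[str, ...]]  # (negated, option, values)


def parse_rule(line: str) -> List[Group]:
    """Split one rule line into (negated, option, values) groups.

    Both the current '! --opt value' and the old '--opt ! value' negation
    syntax are folded into a negated group.
    """
    groups: List[list] = []
    pending_negation = False
    tokens = shlex.split(line)
    for i, tok in enumerate(tokens):
        if tok == "!":
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            if nxt.startswith("-") or not groups:
                pending_negation = True       # '! --opt value'
            else:
                groups[-1][0] = True          # old '--opt ! value'
        elif tok.startswith("-") and len(tok) > 1:
            groups.append([pending_negation, ALIASES.get(tok, tok), []])
            pending_negation = False
        else:
            if not groups:
                raise ValueError(f"value before any option: {line!r}")
            groups[-1][2].append(tok)
    return [(neg, opt, tuple(vals)) for neg, opt, vals in groups]


def canonical_rule(line: str) -> str:
    """Rewrite a rule so that any argument order yields the same string."""
    def rank(group: Group) -> int:
        if group[1] in CHAIN_CMDS:
            return 0
        if group[1] in TARGET_CMDS:
            return 2
        return 1
    ordered = sorted(parse_rule(line), key=lambda g: (rank(g), g[1], g[2], g[0]))
    out: List[str] = []
    for neg, opt, vals in ordered:
        if neg:
            out.append("!")
        out.append(opt)
        out.extend(shlex.quote(v) for v in vals)
    return " ".join(out)


def normalize_ruleset(text: str) -> List[str]:
    """Canonicalise a whole iptables-save dump for diffing.

    '#' comments (the Generated-by/Completed-on timestamps) are dropped and
    packet/byte counters are zeroed so that only policy changes show up.
    """
    out: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):              # iptables-save -c prefix
            line = line.split(None, 1)[1]
        if line.startswith("*") or line == "COMMIT":
            out.append(line)
        elif line.startswith(":"):
            out.append(COUNTERS.sub("[0:0]", line))
        else:
            out.append(canonical_rule(line))
    return out


def diff_rulesets(a: str, b: str, name_a: str = "a", name_b: str = "b") -> List[str]:
    """Unified diff (context 0) of two dumps after normalization; [] if equal."""
    return list(difflib.unified_diff(normalize_ruleset(a), normalize_ruleset(b),
                                     name_a, name_b, n=0, lineterm=""))


# Constructed sample dumps: the rule pair from the report plus made-up counters.
RULESET_A = """\
# Generated by iptables-save v1.4.7 on Fri May 25 10:58:22 2012
*filter
:INPUT DROP [12:3456]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [99:7890]
-A INPUT -p tcp -m state --state NEW -m tcp -j ACCEPT --dport 23
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
RULESET_B = RULESET_A.replace("-m tcp -j ACCEPT --dport 23",
                              "-m tcp --dport 23 -j ACCEPT")

if __name__ == "__main__":
    print("\n".join(diff_rulesets(RULESET_A, RULESET_B)) or "rulesets are equivalent")
```

Only the sorted token multiset is compared, so a target option such as --to-destination sorts ahead of its -j in the canonical string; that is harmless for comparison but is one more reason the output is not restore input.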
bugzilla-daemon at bugzilla.netfilter.org
2012-Jun-25 20:38 UTC
[Bug 790] Normalize iptables rules
http://bugzilla.netfilter.org/show_bug.cgi?id=790
Peter Wu <lekensteyn at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |lekensteyn at gmail.com
Resolution| |DUPLICATE
--- Comment #1 from Peter Wu <lekensteyn at gmail.com> 2012-06-25 22:38:36
CEST ---
Root issue + patch is available in
http://bugzilla.netfilter.org/show_bug.cgi?id=774
*** This bug has been marked as a duplicate of bug 774 ***
bugzilla-daemon at bugzilla.netfilter.org
2012-Jun-26 07:27 UTC
[Bug 790] Normalize iptables rules
http://bugzilla.netfilter.org/show_bug.cgi?id=790
Andor <tothandor at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|DUPLICATE |
--- Comment #2 from Andor <tothandor at gmail.com> 2012-06-26 09:27:29
CEST ---
Bug 774, which this bug was marked a duplicate of, is a completely different
thing. It describes a parameter parsing problem, but this bug is about a
parameter ordering problem that hinders the ability to compare two sets of
rules.
bugzilla-daemon at bugzilla.netfilter.org
2012-Jun-26 07:56 UTC
[Bug 790] Normalize iptables rules
http://bugzilla.netfilter.org/show_bug.cgi?id=790
--- Comment #3 from Peter Wu <lekensteyn at gmail.com> 2012-06-26 09:56:08
CEST ---
My bad, I picked the wrong bug from the search list. My apologies.